July 6, 2004 11:11 AM PDT
Fear of viruses and poor protection grows
Natasha Staley, an information security analyst at MessageLabs, said Tuesday that given the massive increase in virus activity over the past couple of years, it's likely this alarming growth will continue.
The greatest concern to the antivirus industry, however, will be the fact that many businesses believe time is running out for companies whose protection from malicious software now lags behind the advances being made by virus writers.
According to separate research from the FBI, 99 percent of businesses have antivirus protection. Yet in 2003, 82 percent were attacked by a virus, resulting in more than $200 billion in losses.
Therefore, it's perhaps unsurprising that only 35 percent of respondents to the MessageLabs survey expressed confidence in traditional antivirus software, while 43 percent said they are no longer confident about the protection it affords. Almost a quarter of respondents (22 percent) said the changing face of virus threats means traditional antivirus products will be obsolete within the decade.
MessageLabs' Staley said that much of the problem results from the inherent "sacrificial lamb" approach to so-called signature-based antivirus technology--the chance that somebody may "need" to get infected with a virus for others to be protected. Signatures are short code snippets or patterns found in a virus or Trojan horse that are unique to the program. Antivirus software can use such identifiers to weed out bad programs from the good.
"This research shows that customers are starting to lose faith in traditional antivirus solutions," Staley said. "It can be very frustrating for companies who are still be getting caught out, despite doing everything they can to protect themselves."
Much of the problem is with the rapid propagation of worms. Those pieces of malware known as "Warhol" worms, worms that spread rapidly and enjoy "15 minutes of fame," often do their damage long before patches have been put in place or a signature-based antivirus solution database has been updated.
Often that process of updating signature files and putting a fix in place can take anywhere between six or seven hours and a whole day.
Security software company Finjan, which claims to proactively stop viruses by scanning and monitoring all active content on a network, refers to this as a "window of vulnerability." In essence, a window exists from the point a vulnerability is known until the point when it is fixed. Any exploit released into the wild during that time can cause serious harm to a business.
Nick Sears, a vice president at Finjan Software, said: "Many of the current (antivirus) solutions are excellent at recognizing and blocking viruses that currently exist, but cannot cope with new Internet attacks."
The very nature of signature-based antivirus technology, at its most rudimentary, means there is always a danger some customers will be hit, so that others can be protected.
Sears added: "As a result, it is purely a question of luck as to whether you or your competitor is hit in this interim period."
Will Sturgeon of Silicon.com reported from London.
1 commentJoin the conversation! Add your comment